MH17: Twitter and Facebook spammers exploit crash

Scammers are using the MH17 disaster in east Ukraine to spread objectionable links, online security experts have warned.

A link to a pornographic website disguised as a video of the Malaysia Airlines crash was posted on a Facebook page dedicated to one victim.

Many tweets have been posted that appeared to report the disaster, but actually included spam links.

One expert said the firms should take more responsibility for removing them.

Online security specialist Richard Cox said that it was common for spammers to exploit anything being discussed by a lot of people online.

"It is a fairly rapid and predictable response by the individuals behind it. They are all to make money. There is no compassion involved," he said.

Mr Cox, who is also chief information officer for anti-spam body Spamhaus, added that the perpetrators might be using software that could detect what was being posted regularly and repost using the same hashtags.

A Facebook community page dedicated to Liam Sweeney, one of the 298 people victims, uses his name and picture.

Its sole post is a link entitled: "Video Camera Caught the moment plane MH17 Crash over Ukraine".

However, the link takes users to a pornographic website. Moreover, anyone who clicks on it is then asked to call a phone number in order to verify that they are aged 18 or older.

"Whoever it is now has your caller ID and you could get a lot of nuisance calls," said Mr Cox.

"This is all based on a somewhat tasteless video that probably doesn't exist and is presented in a completely tasteless way."

He added that Facebook should have deleted the site.

Facebook subsequently did so after it was brought to its attention by the BBC. A spokesman said: "We are disabling these profiles as soon as we are made aware of them.

"We encourage people to block those responsible and report suspicious behaviour to our team of experts via our reporting buttons so that we can quickly take the appropriate action."

On Friday 18 July, security firm TrendMicro reported that it had detected tweets pretending to be about MH17, but which also bore spam links.

Rik Ferguson, the firm's vice president of security research, said that its research suggested that the pages were most likely being used to gather clicks to generate advertising revenue.

He said the tactic could also be used to force pages higher up search engine rankings.

"It looks like a lot of people are retweeting what they are doing," he said.

Twitter's rules state: "User abuse and technical abuse are not tolerated on Twitter.com, and may result in permanent suspension.

"Any accounts engaging in the activities specified below may be subject to permanent suspension: If you post multiple unrelated updates to a topic using #, trending or popular topic, or promoted trend."

TrendMicro said that many previous disasters had been exploited in a similar way and that it expected to see further exploitation of the MH17 crash.